[selinux-policy: 906/3172] more dbus cleanup
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:23:20 UTC 2010
commit 0b12fa4bd05665e302d8dae02065ce7883310b38
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Nov 1 15:19:48 2005 +0000
more dbus cleanup
refpolicy/policy/modules/admin/updfstab.te | 9 +++++----
refpolicy/policy/modules/services/bind.te | 7 +++----
refpolicy/policy/modules/services/bluetooth.te | 5 +++++
refpolicy/policy/modules/services/cron.te | 3 +++
4 files changed, 16 insertions(+), 8 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/updfstab.te b/refpolicy/policy/modules/admin/updfstab.te
index 9550ee0..dfc42d3 100644
--- a/refpolicy/policy/modules/admin/updfstab.te
+++ b/refpolicy/policy/modules/admin/updfstab.te
@@ -120,12 +120,13 @@ ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain(updfstab_t)
')
-ifdef(`dbusd.te',`
-allow initrc_t updfstab_t:dbus send_msg;
-allow updfstab_t initrc_t:dbus send_msg;
-')
allow updfstab_t tmpfs_t:dir getattr;
ifdef(`hald.te', `
can_unix_connect(updfstab_t, hald_t)
')
')
+
+optional_policy(`dbus.te',`
+ allow initrc_t updfstab_t:dbus send_msg;
+ allow updfstab_t initrc_t:dbus send_msg;
+')
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 7023453..c323392 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -270,11 +270,10 @@ optional_policy(`nscd.te',`
# Partially converted rules. THESE ARE ONLY TEMPORARY
#
-gen_require(`
- class dbus send_msg;
-')
-
allow named_t initrc_t:dbus send_msg;
+allow initrc_t named_t:dbus send_msg;
+allow named_t dhcpc_t:dbus send_msg;
+allow dhcpc_t named_t:dbus send_msg;
# cjp: this whole block was originally in networkmanager
optional_policy(`networkmanager.te',`
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index c0fd36f..1ab8ded 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -235,3 +235,8 @@ ifdef(`targeted_policy', `
allow unpriv_userdomain bluetooth_t:dbus send_msg;
')
') dnl end TODO
+
+ifdef(`targeted_policy',`
+ allow bluetooth_t unconfined_t:dbus send_msg;
+ allow unconfined_t bluetooth_t:dbus send_msg;
+')
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 1c35439..9ea0e72 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -157,6 +157,9 @@ ifdef(`targeted_policy',`
userdom_manage_user_home_subdir_pipes(user,crond_t)
userdom_manage_user_home_subdir_sockets(user,crond_t)
userdom_create_user_home(user,crond_t,{ dir file lnk_file fifo_file sock_file })
+
+ allow crond_t unconfined_t:dbus send_msg;
+ allow crond_t initrc_t:dbus send_msg;
',`
allow crond_t crond_tmp_t:dir create_dir_perms;
allow crond_t crond_tmp_t:file create_file_perms;
More information about the scm-commits
mailing list